In (what I suppose to be) the spirit of Christmas, The Tor Project has published a set of principles that I think could guide policy on the technologies that we talk about here. They are designed in the same mindset as Larry Lessig's four principles of regulation (https://en.wikipedia.org/wiki/Code_and_Other_Laws_of_Cyberspace).
Here they are:
1. Do not rely on the law to protect systems or users.
2. Prepare policy commentary for quick response to crisis.
3. Only keep the user data that you currently need.
4. Give users full control over their data.
5. Allow pseudonymity and anonymity.
6. Encrypt data in transit and at rest.
7. Invest in cryptographic R&D to replace non-cryptographic systems.
8. Eliminate single points of security failure, even against coercion.
9. Favor open source and enable user freedom.
10. Practice transparency: share best practices, stand for ethics, and report abuse.